System Tool 2011 Virus

wat docdude · 21 Nov 2010

So my dad goes to hotels all the time with shoddy networks and browses the internet. It seems like everyday he comes back with some form of malware or another

.

These rogue anti-viruses are what he has trouble with. It's sometimes possible just to remove some of the other things with a quick MBAM scan, but these things are just too hard for me to get rid of by myself.

The one that really has me stumped right now is "System Tools 2011". An icon popped up on the desktop with a padlock logo labeled "System Tools 2011", and it changed the backround to a really cheesy warning about how everything you do is saved on the computer and junk. It's pretty obviously fake, because of the fact that it's just a backround. I can change it to anthing else through the controll panel, and the backround has some binary in the backround to make it look official (Think The Matrix).

The only program it will let me run is IE. Anything else that I try to run comes up with a pop up from the virus that says it's infected. Anything from MBAM to The Snipping Tool.

I can't really think of anything more. I've done some googling and nothing has helped, and I don't want my dad to have to spend money to get this off of his computer.

Any ideas on how I can get this off the computer? It seems so difficult because it won't let anything else run.

yowanvista · 21 Nov 2010

Try scanning with mbam in safe mode

Jaxryley · 21 Nov 2010

Or go into MBAM's programs folder and rename mbam.exe to iexplore.exe and see if it will come up.

If it does start don't forget to try and update first before a scan.

If still no go then you could try the RogueKiller from the link below which is able to kill exe killing rogues if active and can even nullify quite a few from auto starting and then try a scan with MBAM to cleanup any dregs.

RogueKiller

Victek · 21 Nov 2010

wat docdude said:

These rogue anti-viruses are what he has trouble with. It's sometimes possible just to remove some of the other things with a quick MBAM scan, but these things are just too hard for me to get rid of by myself.

If your dad is running XP boot into SAFE mode and log into the (normally hidden) Admin account. Rogue AV's often install in the user account and won't be active when you login as Admin. Run a "quick scan" with MBAM. If MBAM doesn't catch it followup with SuperAntiSpyware.

If the OS is Vista/7 try SAFE mode first. If that doesn't work see if you can create a new Admin account and then log into it in SAFE mode...try the scans.

Jacee · 21 Nov 2010

Look at the top post here New Malware Threat System Tool 2011 - Spiceworks Community see if the same item is in the registry

Bill2 · 21 Nov 2010

See here for the files and registry entries created by System Tool 2011, you can remove them manually after scanning with MBAM.

System Tool 2011 | Virus Removal at im-infected.com

wat docdude · 21 Nov 2010

Bill2 said:

See here for the files and registry entries created by System Tool 2011, you can remove them manually after scanning with MBAM.

System Tool 2011 | Virus Removal at im-infected.com

Thank you very much. I got it now. :)

kpitao · 07 Jan 2011

Same problem here!!! PLEASE HELP!!

I'm good with pcs, build and repair, always have a friend's pc to clean up.

But this virus is killing me, I cannot start any programs except IE and Windows explorer. I tried already to create another user, no go.... cannot start task manager or computer manager.The worse thing is I cannot even start in safe mode!!!

Somehow this crap block access to my keyboard even before windows starts!

The only thing that may work is a script to boot in safe mode. But I don't know how to create a scrpit at all.

Any ideas?

r3plicat3 · 23 Jan 2011

kpitao said:

Same problem here!!! PLEASE HELP!!

I'm good with pcs, build and repair, always have a friend's pc to clean up.

But this virus is killing me, I cannot start any programs except IE and Windows explorer. I tried already to create another user, no go.... cannot start task manager or computer manager.The worse thing is I cannot even start in safe mode!!!

Somehow this crap block access to my keyboard even before windows starts!

The only thing that may work is a script to boot in safe mode. But I don't know how to create a scrpit at all.

Any ideas?

go into your \system32 directory and find taskmgr.exe, doesn't matter if it wont work, just copy it and paste the copy to your desktop somewhere. rename it to iexplore.exe and run it. This will trick your virus into thinking that its really internet explorer and you can disable the goofy app with wierd strings of letters. youll notice it is usually letters and numbers like vdus87s9d9sdsd8 or something.
end those tasks, then run msconfig in run and disable it from the programs in the startup tab. Once you do that, use your antivirus tools like Malwarebytes' et al.

Good luck.

zelkan · 26 Feb 2011

Hi,

after some trouble with this virus myself i found that the following file was created

c:/program data/pdapjni06300/pdapjni06300.exe

i removed all entries in the registry and deleted the file..

this did get rid of the virus however all of my shortcut links for IE etc are now defunct, i will still need to rebuild the machine

hope this helps people out

System Tool 2011 Virus

System Tool 2011 Virus

filename